UPDATED: Kaspersky hit by cyber criminals?

Share

The anti-virus specialists have reportedly been beaten at their own game.

The Russian-based security firm Kaspersky has fallen victim to the cyber criminals it tries to protect users against, according to reports.

The company, known for its anti-virus software, has supposedly been compromised by hackers who have directed users trying to download Kaspersky’s software to malicious sites. Once they have reached the destination they are then encouraged to download fake anti-virus software, which could compromise their data security.

Users of the software have complained to the company over three separate forums but, despite a user thought to be a Kaspersky employee claiming the issue was fixed, the company denied on the forums there had been any problem to begin with.

Writing about the incident on his blog, Rik Ferguson, senior security advisor at Trend Micro, said: “Security vendors have often been the target of both malicious and mischievous hackers and without fail, honesty and transparency have always been the best policy in the aftermath of such an event.”

UPDATE: Kaspersky got back to us and confirmed an attack had hit the site on Sunday, exploiting a vulnerability in a third party app used for website admin.

The company claimed the redirection to the fake anti-virus only lasted three and a half hours and as soon as it was notified, it took the affected server offline within ten minutes.

“Currently the server is secure and fully back online, and Kaspersky products are available for download,” the firm said in a statement sent to IT PRO.

“Kaspersky Lab also wants to confirm that no individual’s details were compromised from the company's web servers during this attack.”

The statement concluded: “Kaspersky Lab takes any attempt to compromise its security seriously. Our researchers are currently working on identifying any possible consequences of the attack for affected users, and are available to provide help to remove the fake antivirus software.”